Scott Youngs Key Information Systems CIO: Everyone Needs Cybersecurity Education

Key Information SystemsScott Youngs, CIO of Key Information Systems, and I spoke about how everyone in your company needs cybersecurity training. And not just an annual refresher either. Everyone needs continuous training and feedback on that training to maintain vigilance and awareness of actual threats to corporate security.

Scott and I suggest keeping security in front of everyone with a multi-phase approach:

  • Formal training (Classroom, scenario, webinar)
  • Email reminders
  • Informal training (Signage, policies)
  • Involvement (Discussions)

Scott Youngs CIO Key Information Systems Employees can fall prey to phishing and social engineering schemes, even if they’ve just gone through training. Regular scenario-based training works quite well to keep employees safe and your network secure. We understand that security training and vigilance requires dedication and resource commitment. We’re not unsympathetic to the resources required. There are a lot of free and unobtrusive things you can do to maintain a secure environment. There’s plenty of free training and information available to you.

One final point that Scott made and I repeated in the podcast is that you have to customize security training for your employees. For example, retail employees have different security training needs than manufacturing employees do. Similarly, C-level employees have different security training needs than IT department employees do.

Key Information Systems covers Southern California but also has clients in other regions as well. If you require assistance for your security needs, please go to keyinfo.com and select a Contact Us link to engage their capable staff.

Podcast details:

Length: 18:36 minutes. Format: MP3. Rating: G.

Copyright 2017 The SecurityNOW Podcast Show. License: CC BY.

Online Shopping Hazards with guest WWPass VP of Strategy Perry Chaffee

Perry Chaffee of WWPassPerry Chaffee, WWPass VP of Strategy, and I turn our attention toward online shopping because it is the holiday shopping season and security is a big concern, or should be, for anyone making online purchases. You don’t want your shopping experience to be tainted with unusual charges, identity theft, or account compromise of any kind. For these reasons, you need to be aware of your shopping experience and your security.

Here are a few guidelines that Perry and I talk about during the podcast:

  1. Use a strong password.
  2. Use a password manager.
  3. Use a credit card rather than a debit card for purchases.
  4. Enable two-factor authentication for better security.
  5. Before entering passwords or credit card information, look for the https in your browser’s URL.
  6. Close your browser after shopping on a site and reopen it for your next purchase.
  7. Be sure that the site you’re on is the one you want to use.
  8. Never give anyone your password over the phone.
  9. Be VERY careful of links embedded in emails as they can look very similar to real sites.
  10. Be aware of your surroundings and don’t speak your credit card information out loud in public places.

WWPassThis is not a sponsored podcast but WWPass is a commercial security solution for individuals and businesses to help keep all your online transactions and shopping experiences secure.

Length: 18:02 minutes. Format: MP3. Rating: G

Please contact us for sponsorships, sponsored posts, and videocasts.

Copyright 2017 The SecurityNOW Podcast Show. License: CC BY.

Absolute’s Global Security Strategist Richard Henderson discusses 2018’s Security Threats

Richard HendersonRecurring guest Richard Henderson (Global Security Strategist for Absolute) and I discuss what we think are the greatest threats to security in 2018. We ponder ransomware, standard threats, cryptocurrencies, and other advanced persistent threats.  Richard and I agree that 2018 will be another significant security threat year. One thing to note is that while attackers are more persistent, there are some threats that are actually waning such as certain types of ransomware, viruses, and malware that’s easily stopped by smarter browsers, host-based firewalls, and operating system security. That said, we don’t expect attacks to decrease in 2018.

As always, our podcasts are licensed CC BY and are rated G for all audiences and venues.

Length: 29:07 minutes. Format: MP3. Rating: G.

Please contact us for sponsorships, sponsored posts, and videocasts.

ClearSky Data CTO and Co-founder Laz Vekiarides Discusses a New Approach to Cloud Storage

Laz VekiaridesLaz Vekiarides, CTO and Co-founder of ClearSky Data and I discuss a new approach to cloud storage–which deprecates the old 3-2-1 rule of making backups. Every year businesses consume more and more expensive disk space to copy, re-copy, and store data as backups, as disaster recovery, and for archival purposes. Preventing that waste is the main thrust of ClearSky Data’s primary storage, cloud backup, and disaster recovery solutions. The service is elastic and uses a “pay-as-you-use” philosophy.

Laz explains why this solution is more economical for your business and also makes your business more resilient to failure. We discuss a paradigm shift in backup methodology and the importance of business continuity.

Podcast details:

Length: 21:36 minutes. Format: MP3. Rating: G for all audiences.

ClearSky allows enterprises to access all data wherever it’s needed, on-prem or in the cloud, without ever needing to replicate the data. That’s right, no more making copies. The ClearSky service is fully elastic; pay for only what you use and scale up or down on-demand.

Copyright 2017 The SecurityNOW Podcast Show. License: CC BY.

A Ransomware Discussion with Absolute’s Richard Henderson (Podcast)

RansomwareRichard Henderson, The Global Security Strategist for Absolute, and I spoke about the global Ransomware threat, its prevention, and what to do if you’re victimized by an attack. Richard and I disagree a bit on what you should do if you’re a Ransomware victim. I say that you should never pay. He says that there are circumstances where it makes more sense to pay the ransom.

I write the introductory column for ADMIN magazine and in the most recent issue (Number 40), I wrote about this very topic. I titled it, “Feeding Seagulls is Wrong.” It is a light-hearted look at feeding seagulls, which I compare to ransomware writers. To me, paying ransomware writers is like feeding seagulls: You’re down a bag of Cheetos (Some amount of Bitcoin) and the seagulls (Ransomware writers) are never satisfied.

Listen to the podcast. Read my column. Make a decision. And feel free to tweet me @kenhess to start a discussion.

Podcast details:

Length: 24:11 minutes. Format: MP3. Rating: G for all audiences.

Copyright 2017 The SecurityNOW Podcast Show. CC BY.

ThinAir CEO Tony Gauda on Insider Threats (Podcast)

ThinAirIn Preston’s absence, I spoke with ThinAir CEO Tony Gauda about insider threats. Insider threats cost companies billions of dollars, thousands of lost labor hours, and loss of credibility with customers. If you don’t believe that insider threats are a real problem, it might interest you to know that among companies experiencing data breaches, internal actors were responsible for 43 percent of data loss, half of which was intentional and half accidental.

There are two types of insider threats that are mentioned above:

  1. The malicious insider who purposely steals data, and
  2. The unaware or innocent insider who accidentally causes a breach.

From the ThinAir website:

The average cost of a data breach is now $3.62 million, up 16% since 2013, according to a recent IBM-Ponemon report. It only takes minutes for a thief to steal information, but organizations typically need 191 days to identify a breach and another 66 days to contain it. The two major costs are related to an investigation, and the forensics to determine the root cause and the scope. Factor in the inevitable lawsuits, customer churn, and brand damage, and an organization will feel the effects of a breach for years to come.

What if instead of attempting to reconstruct the crime scene, you could play back the security tape in high definition? What if you knew the source, complete impact, and vector of exfiltration in 90 seconds?

The problem is real and it’s expensive. Tony Gauda and I explore the many possibilities and some solutions to the problem in this podcast.

Podcast details:

Length: 20:39 mins. Format: MP3. Rating: G for all audiences.

Thanks to Tony Gauda and Caitlin Gribbons at Inkhouse for connecting us.

“Manage Access, Not Keys” with Tatu Ylönen (Podcast)

SSH CommunicationsGreetings SSH fans. Preston and I had the pleasure of speaking with SSH Communications Security founder Tatu Ylönen about keyless access and how system administrators and system security professionals should “manage access, not keys” when using the SSH protocol.

Preston and I debate the security of a decision to use passwordless and keyless access. During the call, we asked how to implement keyless access and what the deployment looks like to a system administrator. Preston and I are both system administrators, so we are definitely interested in the ins-and-outs of deployment.

Tatu YlönenAs always, Tatu is very engaging and extremely knowledgeable about the topic of security, SSH, and access management.

Podcast details:

Length: 15:52 minutes. Format: MP3. Rating: G for all audiences.

Copyright 2017 SecurityNOW. License: CC BY.